Active Directory network deployment: Difference between revisions

From URL Lock
Jump to navigation Jump to search
Line 10: Line 10:
#Start the Microsoft Group Policy Management Console, which is listed in the "Administrative Tools" as "Group Policy Management"
#Start the Microsoft Group Policy Management Console, which is listed in the "Administrative Tools" as "Group Policy Management"
#Right-click on the domain that you want to add the policy to and select "Create and Link GPO Here." Give your new group policy object a name, such as "IE URL Lock"<br/>[[Image:Gpm-createandlinkgpo.png]]
#Right-click on the domain that you want to add the policy to and select "Create and Link GPO Here." Give your new group policy object a name, such as "IE URL Lock"<br/>[[Image:Gpm-createandlinkgpo.png]]
#Click on the newly created group policy object
#In the "Security Filtering" section for this newly created group policy object, click on the "Add..." button and add computers that you want to install IE URL Lock onto
#In the "Security Filtering" section for this newly created group policy object, click on the "Add..." button and add computers that you want to install IE URL Lock onto
#Remove "Authenticated Users" from the "Security Filtering" section if it was automatically added. We want this policy to apply only to computers
#Remove "Authenticated Users" from the "Security Filtering" section if it was automatically added. We want this policy to apply only to computers

Revision as of 05:08, 30 July 2007

To deploy IE URL Lock with ActiveDirectory, follow these general guidelines. These instructions presently assume that you have installed the Microsoft Group Policy Management Console, which makes group policy management easier.

Copy the IE URL Lock MSI file into a shared folder on the server that all relevant computers can read

If you have not already done so, you will need to create a shared folder that contains the IE URL Lock MSI file so that computers that you want to install IE URL Lock onto can download and install it. You will need to ensure that the permissions are proper on both the share and on the folder within the NTFS filesystem.

Create or reuse a computer-based installation policy

IE URL Lock installs best when it's included in a computer policy. At this time, limitations of the current installer are preventing group and user installation policies from installing and uninstalling IE URL Lock properly. Workarounds are available, but are complex. For now, computer policies are the preferred way to deploy IE URL Lock. Note that it is easy to disable IE URL Lock with a group or user policy so that, as an example, administrators can have IE URL Lock disabled when they log on.

Create a new computer-based installation policy

  1. Start the Microsoft Group Policy Management Console, which is listed in the "Administrative Tools" as "Group Policy Management"
  2. Right-click on the domain that you want to add the policy to and select "Create and Link GPO Here." Give your new group policy object a name, such as "IE URL Lock"
    Gpm-createandlinkgpo.png
  3. Click on the newly created group policy object
  4. In the "Security Filtering" section for this newly created group policy object, click on the "Add..." button and add computers that you want to install IE URL Lock onto
  5. Remove "Authenticated Users" from the "Security Filtering" section if it was automatically added. We want this policy to apply only to computers
  6. After adding the computers, right-click on your new GPO and select "Edit..." from the right-click menu
  7. Jump to the section below entitled "Adding the installation information to the group policy"

Reuse an existing computer-based policy

  1. Start the Microsoft Group Policy Management Console, which is listed in the "Administrative Tools" as "Group Policy Management"
  2. Right-click on the GPO that you want to use and select "Edit..." from the right-click menu. Be sure that this is a policy that is applied to computers instead of groups or users
  3. Jump to the section below entitled "Adding the installation information to the group policy"

Adding the installation information to the group policy

  1. In the Group Policy Object Editor window, open "Computer Configuration" -> "Software Settings" -> "Software installation"
  2. Right-click on "Software installation" and select "New" -> "Package..."
    Gpoedit-newpackage.png
  3. Navigate to the shared folder through the network path and select the IE URL Lock MSI package file. Don't use the local path; workstations will be unable to install the MSI if you do that. Windows will warn you if you try to use the local path, too. In my example, I navigated to \\W2003server\Share
    Select-msi-from-share.png
  4. When asked for the deployment type, you can select either "Assigned" or "Advanced." The difference is that the latter will open up the properties window automatically for you. If you selected "Advanced," then you can right-click on the newly-added package and select "Properties" to proceed to the next step
  5. Click on the "Deployment" tab and select the "Uninstall this application when it falls out of the scope of management" to enable easy uninstallation. Press the OK button to save these changes
  6. IE URL Lock will now install on computers that this policy applies to when they restart

Create or reuse a configuration policy

Depending on your needs, you can configure IE URL Lock using computer, group, or user policies. Most administrators will likely want to use group policies to configure IE URL Lock to give different user groups different levels of access to Internet Explorer.

Retrieved from "https://www.moonlightdesign.org/urllock/wiki/index.php?title=Active_Directory_network_deployment&oldid=1488"